Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/d07b15-2855-4388-bcb3-50e129c8a36c/1/SGkZ0ogQXFx_KZPON9rrBZ2DOjg.roa
File:                     SGkZ0ogQXFx_KZPON9rrBZ2DOjg.roa (raw, json)
Hash identifier:          nOlSf5/gIgBrS3Ss81hWAxwT4iqkJ1gLyreAHocKlhk=
Subject key identifier:   48:69:19:D2:88:10:5C:5C:7F:29:93:CE:37:DA:EB:05:9D:83:3A:38
Certificate issuer:       /CN=262f7322fbe9743eb471383a090b35b5296a2a8a
Certificate serial:       018CC3B738CD676D74AD160C46C6071A770C
Authority key identifier: 26:2F:73:22:FB:E9:74:3E:B4:71:38:3A:09:0B:35:B5:29:6A:2A:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ji9zIvvpdD60cTg6CQs1tSlqKoo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/d07b15-2855-4388-bcb3-50e129c8a36c/1/SGkZ0ogQXFx_KZPON9rrBZ2DOjg.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28985
IP address blocks:        91.216.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/d07b15-2855-4388-bcb3-50e129c8a36c/1/Ji9zIvvpdD60cTg6CQs1tSlqKoo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/d07b15-2855-4388-bcb3-50e129c8a36c/1/Ji9zIvvpdD60cTg6CQs1tSlqKoo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ji9zIvvpdD60cTg6CQs1tSlqKoo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:38:cd:67:6d:74:ad:16:0c:46:c6:07:1a:77:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=262f7322fbe9743eb471383a090b35b5296a2a8a
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=486919d288105c5c7f2993ce37daeb059d833a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:9d:d1:37:06:c5:64:90:f8:8e:4c:38:cf:2a:
                    26:b3:13:7d:d3:cf:20:68:8d:27:9d:87:a8:96:8c:
                    bb:1f:3f:f4:38:35:1d:08:ab:04:6c:71:88:36:5f:
                    ea:cd:3b:ac:78:b4:82:4d:2e:9b:98:00:87:2a:49:
                    ff:61:ce:9c:fd:70:ad:40:ce:03:e5:ab:ab:99:3a:
                    f3:ae:b0:fc:0b:6e:15:04:b1:c2:e5:a4:fb:b6:06:
                    33:86:28:ae:75:96:14:11:2d:05:55:5a:16:05:2f:
                    f3:65:72:b6:48:c6:b5:81:a2:08:23:5f:bb:f2:5a:
                    a1:85:4f:1a:a6:4a:de:cb:1f:62:9b:4f:ad:61:2d:
                    66:86:a5:1e:bc:5d:a4:65:ed:1b:63:b5:62:ba:77:
                    74:dd:f9:9c:74:bd:85:8e:42:7a:8c:9f:d2:9e:3c:
                    62:e7:3d:98:2a:8d:07:ff:fb:47:5f:3e:ba:ab:91:
                    7d:3c:ed:cd:ee:a9:f3:15:06:4d:f7:2f:c0:da:21:
                    ee:95:fe:a4:c5:ca:96:69:1b:d2:89:27:a4:2d:e0:
                    5c:08:3e:5e:9a:40:1b:4e:14:a7:f5:1d:1c:19:0d:
                    c4:a7:a4:08:a5:f2:6b:e0:3f:5c:3d:ee:80:0f:92:
                    32:cc:3d:ec:be:e8:4b:85:c8:65:df:5a:9c:ac:c7:
                    47:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:69:19:D2:88:10:5C:5C:7F:29:93:CE:37:DA:EB:05:9D:83:3A:38
            X509v3 Authority Key Identifier:
                keyid:26:2F:73:22:FB:E9:74:3E:B4:71:38:3A:09:0B:35:B5:29:6A:2A:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ji9zIvvpdD60cTg6CQs1tSlqKoo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/d07b15-2855-4388-bcb3-50e129c8a36c/1/SGkZ0ogQXFx_KZPON9rrBZ2DOjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/d07b15-2855-4388-bcb3-50e129c8a36c/1/Ji9zIvvpdD60cTg6CQs1tSlqKoo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:04:a9:61:7f:21:fd:0e:be:4f:9e:a5:08:68:04:2f:f7:e6:
         be:ad:52:f1:d1:82:75:2c:f8:4c:9a:2f:a5:cd:a1:c0:4e:be:
         85:74:ca:f1:15:5c:e6:5e:61:e3:f9:d5:b8:66:b4:ee:14:21:
         d4:73:c0:26:3a:62:62:35:03:7a:1c:42:85:cd:25:03:53:53:
         e7:17:ea:ea:78:78:64:25:30:dd:6a:d4:fd:06:ee:3d:6d:22:
         d1:e5:df:7a:04:c4:d1:bd:9f:f8:c9:07:8e:70:c6:dd:4b:d1:
         20:90:19:4a:50:71:df:24:b9:47:a2:33:b9:15:52:a2:67:c7:
         97:c8:96:a9:bc:5c:da:e3:dd:1a:24:8a:df:f3:e6:2e:3f:4c:
         90:fa:b1:c6:c8:3a:3c:ac:14:f7:99:71:8c:c4:0d:1c:64:9a:
         97:16:b2:13:8c:79:b4:04:ed:8f:68:94:3c:2b:87:c5:16:20:
         76:9e:2e:60:e4:8a:97:64:ea:3c:81:11:41:da:45:60:12:38:
         70:68:d3:0a:9a:52:7d:c5:14:8b:b4:28:0d:33:52:6e:aa:5b:
         fb:ba:58:c8:91:5d:79:af:de:0c:3f:84:7e:2c:4c:a0:0d:b7:
         1e:a3:b8:66:e7:99:0f:f0:3a:7a:24:df:b9:b1:aa:39:4f:24:
         f4:71:4c:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzjNZ210rRYMRsYHGncMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MmY3MzIyZmJlOTc0M2ViNDcxMzgzYTA5MGIzNWI1Mjk2
YTJhOGEwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODY5MTlkMjg4MTA1YzVjN2YyOTkzY2UzN2RhZWIwNTlkODMzYTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk53RNwbFZJD4jkw4zyomsxN9088g
aI0nnYeoloy7Hz/0ODUdCKsEbHGINl/qzTuseLSCTS6bmACHKkn/Yc6c/XCtQM4D
5aurmTrzrrD8C24VBLHC5aT7tgYzhiiudZYUES0FVVoWBS/zZXK2SMa1gaIII1+7
8lqhhU8apkreyx9im0+tYS1mhqUevF2kZe0bY7Viund03fmcdL2FjkJ6jJ/Snjxi
5z2YKo0H//tHXz66q5F9PO3N7qnzFQZN9y/A2iHulf6kxcqWaRvSiSekLeBcCD5e
mkAbThSn9R0cGQ3Ep6QIpfJr4D9cPe6AD5IyzD3svuhLhchl31qcrMdHuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhpGdKIEFxcfymTzjfa6wWdgzo4MB8GA1UdIwQY
MBaAFCYvcyL76XQ+tHE4OgkLNbUpaiqKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmk5ekl2dnBkRDYwY1RnNkNRczF0U2xxS29vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9kMDdiMTUtMjg1NS00Mzg4LWJjYjMt
NTBlMTI5YzhhMzZjLzEvU0drWjBvZ1FYRnhfS1pQT045cnJCWjJET2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9kMDdiMTUtMjg1NS00Mzg4LWJjYjMtNTBlMTI5YzhhMzZj
LzEvSmk5ekl2dnBkRDYwY1RnNkNRczF0U2xxS29vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9htMA0G
CSqGSIb3DQEBCwUAA4IBAQAjBKlhfyH9Dr5PnqUIaAQv9+a+rVLx0YJ1LPhMmi+l
zaHATr6FdMrxFVzmXmHj+dW4ZrTuFCHUc8AmOmJiNQN6HEKFzSUDU1PnF+rqeHhk
JTDdatT9Bu49bSLR5d96BMTRvZ/4yQeOcMbdS9EgkBlKUHHfJLlHojO5FVKiZ8eX
yJapvFza490aJIrf8+YuP0yQ+rHGyDo8rBT3mXGMxA0cZJqXFrITjHm0BO2PaJQ8
K4fFFiB2ni5g5IqXZOo8gRFB2kVgEjhwaNMKmlJ9xRSLtCgNM1Juqlv7uljIkV15
r94MP4R+LEygDbceo7hm55kP8Dp6JN+5sao5TyT0cUy/
-----END CERTIFICATE-----